diff options
| author | Janis Danisevskis <jdanis@android.com> | 2016-09-29 12:39:18 +0100 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2016-09-29 09:59:44 -0400 |
| commit | 6dd85b9e0e1d0e875263cc8cba3e3d4383974700 (patch) | |
| tree | 0c868ce014b56634462974ac99c9101d37eec6a8 /libselinux/src/label_backends_android.c | |
| parent | b3d9550bcd26673fe8739e159c7dfbca50b8ce50 (diff) | |
| download | android_external_selinux-6dd85b9e0e1d0e875263cc8cba3e3d4383974700.tar.gz android_external_selinux-6dd85b9e0e1d0e875263cc8cba3e3d4383974700.tar.bz2 android_external_selinux-6dd85b9e0e1d0e875263cc8cba3e3d4383974700.zip | |
libselinux: android: fix lax service context lookup
We use the same lookup function for service contexts
that we use for property contexts. However, property
contexts are namespace based and only compare the
prefix. This may lead to service associations with
a wrong label.
This patch introduces a new back end for android
services with a stricter lookup function. Now the
service name must match the key of the service label
exactly.
Signed-off-by: Janis Danisevskis <jdanis@android.com>
Diffstat (limited to 'libselinux/src/label_backends_android.c')
| -rw-r--r-- | libselinux/src/label_backends_android.c | 54 |
1 files changed, 52 insertions, 2 deletions
diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c index 290b4382..4d6ec86e 100644 --- a/libselinux/src/label_backends_android.c +++ b/libselinux/src/label_backends_android.c @@ -244,7 +244,7 @@ static void closef(struct selabel_handle *rec) free(data); } -static struct selabel_lookup_rec *lookup(struct selabel_handle *rec, +static struct selabel_lookup_rec *property_lookup(struct selabel_handle *rec, const char *key, int __attribute__((unused)) type) { @@ -279,6 +279,38 @@ finish: return ret; } +static struct selabel_lookup_rec *service_lookup(struct selabel_handle *rec, + const char *key, int __attribute__((unused)) type) +{ + struct saved_data *data = (struct saved_data *)rec->data; + spec_t *spec_arr = data->spec_arr; + unsigned int i; + struct selabel_lookup_rec *ret = NULL; + + if (!data->nspec) { + errno = ENOENT; + goto finish; + } + + for (i = 0; i < data->nspec; i++) { + if (strcmp(spec_arr[i].property_key, key) == 0) + break; + if (strcmp(spec_arr[i].property_key, "*") == 0) + break; + } + + if (i >= data->nspec) { + /* No matching specification. */ + errno = ENOENT; + goto finish; + } + + ret = &spec_arr[i].lr; + +finish: + return ret; +} + static void stats(struct selabel_handle __attribute__((unused)) *rec) { selinux_log(SELINUX_WARNING, "'stats' functionality not implemented.\n"); @@ -298,7 +330,25 @@ int selabel_property_init(struct selabel_handle *rec, rec->data = data; rec->func_close = &closef; rec->func_stats = &stats; - rec->func_lookup = &lookup; + rec->func_lookup = &property_lookup; + + return init(rec, opts, nopts); +} + +int selabel_service_init(struct selabel_handle *rec, + const struct selinux_opt *opts, unsigned nopts) +{ + struct saved_data *data; + + data = (struct saved_data *)malloc(sizeof(*data)); + if (!data) + return -1; + memset(data, 0, sizeof(*data)); + + rec->data = data; + rec->func_close = &closef; + rec->func_stats = &stats; + rec->func_lookup = &service_lookup; return init(rec, opts, nopts); } |